North Korea kicked off the internet by giant DDoS: Was it the USA, or someone else?

This site may earn affiliate commissions from the links on this page. Terms of use.

Yesterday evening, North Korea was unceremoniously knocked off the internet by a distributed denial of service (DDoS) attack. This comes shortly after the US government promised a “proportional response” to the Sony Pictures hack, which the FBI believes was carried out by North Korea. While it would be rather funny if the US government was responsible for taking North Korea off the internet, it’s more likely to be the actions of some disgruntled hacktivists such as Anonymous or Lizard Squad. As of this morning, internet access is beginning to return in North Korea, after an outage lasting 9 hours and 31 minutes.

While it isn’t unusual for a service to be taken offline by a DDoS — both Xbox Live and PlayStation Network have suffered outages in the last few months due to a DDoS — it’s almost unheard of for a whole country to be punted off the internet. If I tell you a little bit about North Korea’s awful internet connectivity, though, it will begin to make a bit more sense.

As you may know, freedom of information doesn’t exist in North Korea. There are newspapers and TV stations, but they’re all state-owned. Generally, that’s one of the best signs that you’re dealing with a dictatorship rather than a democracy: very tightly controlled information flows. As history has shown, it’s very easy to control a population when most of their information/knowledge/dogma stems from just a single point. The internet, which makes the sum of all human knowledge freely available, doesn’t jibe very well with the North Korean regime. As a result, only a few higher-ups in North Korea actually have access to the internet — most citizens have to make do with a state-controlled intranet.

[Figure: The entirety of North Korea’s allocated IP addresses: four blocks of 256 addresses, or 1024 IPv4 addresses in total.]

Because North Korea doesn’t really use the internet, it only has a very small connection (backbone) to the rest of the internet, provided by telecommunications giant China Unicom. We don’t know the exact size of this pipe — but according to Arbor Networks, the DDoS peaked at just 6Gbps, which is fairly small in the grand scale of things. This might seem unrealistically small for an entire country, but bear in mind that North Korea also has one of the smallest IP address allocations in the world — a total of just 1024 addresses assigned or allocated by APNIC. Your university will have had a larger IP address allocation than North Korea, and its connection to the internet was probably faster as well. (North Korea does have a backup satellite connection, incidentally, but I don’t know if it was also DDoSed.)

In short, it’s not very hard to DDoS North Korea. As far as we’re aware, the country only has a single cable connecting it to the rest of the internet. It might be a little harder if the country had multiple redundant links, but as far as DDoSing goes, a single, low-bandwidth link is trivial. On the flip side, of course, DDoSing North Korea probably didn’t achieve a whole lot — remember, the 25 million citizens of North Korea don’t have access to the internet. I’m sure supreme leader Kim Jong-un was annoyed that he couldn’t visit ExtremeTech for the latest science and technology news, and there was probably a general or two who had to go without the latest episode of Homeland, but we’re still only talking about a nuisance for (maybe) a few hundred people.

But who was behind the attack? Lizard Squad, which has previously DDoSed the PlayStation Network and Xbox Live services, seemed to take responsibility for the attack on North Korea with the following tweet: “Xbox Live & other targets have way more capacity. North Korea is a piece of cake.” (Their Twitter account has since been suspended.) Anonymous, which was collectively upset over the whole Sony Pictures/North Korea/The Interview debacle, also has a history of using DDoSes. While the US government has promised retaliation for North Korea’s role in hacking Sony Pictures, it seems unlikely that a temporary DDoS would be it — but who knows. While a short DDoS won’t have affected North Korea at all, a long-term DDoS lasting weeks or months might actually cause some problems — and if anyone has the tools to carry out such an attack, it’s the USA’s cyberwarfare division.
